Vulnerabilities scoring approach for cloud SaaS

Zhou LI; Cong TANG; Jian-bin HU; Zhong CHEN

Tongxin xuebao (Aug 2016)

Vulnerabilities scoring approach for cloud SaaS

Zhou LI,
Cong TANG,
Jian-bin HU,
Zhong CHEN

Affiliations

Zhou LI
Cong TANG
Jian-bin HU
Zhong CHEN

Journal volume & issue: Vol. 37
pp. 157 – 166

Abstract

Read online

There are full of challenges to score vulnerabilities of cloud services developed by different third-party pro-viders.Although there have been a few systems for scoring vulnerabilities (e.g.,CVSS) of many existing software,most of them are unable to be leveraged to score vulnerabilities in cloud services,because they fail to consider some important factors located in the clouds such as business context (i.e.,dependency relationships between services).VScorer,a novel security frame work to score vulnerabilities in various cloud services were presented based on different given require-ments.By inputting concrete business context and security requirement into VScorer,cloud provider can get a ranking list of vulnerabilities in the business based on the given security requirement.Following the ranking list,cloud provider was able to patch the most critical vulnerabilities first.A prototype was developed and VScorer can be demonstrazed to work better than current representative vulnerability scoring system CVSS.

SaaS;cloud service;vulnerability scoring system;CVSS

Published in Tongxin xuebao

ISSN: 1000-436X (Print)
Publisher: Editorial Department of Journal on Communications
Country of publisher: China
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering: Telecommunication
Website: http://www.infocomm-journal.com/txxb/EN/1000-436X/home.shtml

About the journal

Abstract

Keywords